China, U.S. Plan Cyber 'Code of Conduct'

Chinese State Councilor Yang Jiechi meets with U.S. Secretary of State John Kerry. Source: State Department

At the end of a two-day China-U.S. strategic summit in Washington, U.S. Secretary of State John Kerry said June 24 that both sides had agreed on the need to create and abide by a new cyber "code of conduct."

"We continued our conversations on cybersecurity and on cybertheft. And the United States is deeply concerned about cyber-incursions that have raised security questions and, frankly, harmed American businesses," Kerry said at a press conference following the event. "We believe very strongly that the United States and China should be working together to develop and implement a shared understanding of appropriate state behavior in cyberspace, and I'm pleased to say that China agreed that we must work together to complete a code of conduct regarding cyber-activities.

The White House did not detail a timeline for when the agreed-upon China-U.S. cyber code of conduct might be completed. But Kerry said he hoped related efforts would now begin "very, very quickly."

Meeting of Leaders

President Obama met with China's Vice Premier Liu Yandong, Vice Premier Wang Yang and State Councilor Yang Jiechi at the close of the two days of talks - the U.S.-China Strategic and Economic Dialogue and Consultation on People-to-People Exchange - coordinated by the U.S. State Department. Obama pressed Chinese officials over the country's cyber-related activities, urging them to take steps to lower related tensions between the U.S. and China, according to the White House (see U.S.-China Fisticuffs Over Cyberspying).

Cyber-espionage has become an even hotter topic than usual in the wake of the discovery that the U.S. Office of Personnel Management was breached, which Congress has been told may have resulted in tens of millions of data breach victims (see OPM Breach Victims: Tens of Millions?). Multiple government officials - speaking on condition of anonymity - as well as information security experts have traced that breach to attackers operating from China, according to news reports.

But the White House has refrained from making any attribution of the OPM attacks to China or anyone else, and that stance continued in this week's meetings. "The president raised ongoing U.S. concerns about China's cyber and maritime behavior, and he urged China to take concrete steps to lower tensions," the White House said in a statement, without elaborating about what those steps might be.

China's Reaction

Summarizing the two-day meeting alongside Kerry, Chinese State Councilor Yang Jiechi, via an interpreter, said June 24 that the Chinese government does not condone hacking. "On cyber issues, China affirmed its firm position - firm opposition and crackdown on all forms of cyber hacking, as well as China's readiness for cooperation with the U.S. on cybersecurity on the basis of mutual respect and equality and mutual benefit," Yang said. "China urged the U.S. to respect facts, work together with China to improve the cyber relations between the two countries."

At a subsequent press conference, Kerry declined to answer any OPM-related questions, saying that a related FBI investigation remains ongoing. He noted that Chinese officials had voiced concerns about every nation playing by the same rules. "There was an honest discussion about - without accusations, without any finger-pointing - about the problem of cybertheft and whether or not it was sanctioned by government or whether it was hackers and individuals that the government has the ability to prosecute," he said. "But on the broader issue of cybersecurity, China also has a very clear interest in making certain that everybody is behaving by a certain set of standards."

At an intelligence conference on June 25, however, Director of National Intelligence James Clapper said China is the "leading suspect" behind the massive OPM breach.

More Than Cybersecurity

The summit discussions were not limited to cybersecurity matters. Indeed, the State Department says they touched on trade, investment, economic reforms and climate change, featuring input from everyone from actor Matt Damon, to Chinese film director Zhang Yimou, to NBA All-Star Yao Ming. "We've also had candid conversations about standards of behavior in cyberspace," Kerry said in a joint press conference with the Chinese delegation. "We agree there is value in bilateral and international cooperation on these issues."

With the rapid economic growth seen by China in recent years now in decline, economists say that Chinese leaders have been scrambling to refocus their economy on domestic consumption, creating more service-oriented businesses, as well as promoting more innovative and "clean" technologies (see China Delays Tough Bank Tech Rules). And a large portion of the meetings, also led by U.S. Secretary of the Treasury Jacob Lew, focused on economic matters.

Obama, too, touched on related efforts. "The president expressed support for China's efforts to reform and rebalance its economy, and for our ongoing bilateral investment treaty negotiations, while urging China to address major economic challenges in the areas of its currency, technology and investment policies," the White House said.

About the Author

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the Executive Editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, amongst other publications. He lives in Scotland.
